Background: Know: Recognize: NM services: ICMP, ICMP unreachable, traceroute, ping, source routing, whois

To understand the content, the following pages can be helpful:
#Network security
#What is Security
#Security devices
#Security & NM are symbiotic
#Security of management and management of security
#Security & NM share mechanisms

Tension between security & NOC

Tension between security and network management is due to the increasing use of network management and the minimising of security. Despite the symbiotic relationship between security and the NOC, there have been some conflicts between security and NOC requirements. Contradictory requirements arise when trying to enhance both simultaneously. For example:

Regarding the range of services, security concerns suggest that services/protocols should be minimized and limited to those that are necessary, e.g. HTTP, DNS+?, SMTP, IMAP, FTP, excluding those with security risks; for example, ICMP is sometimes blocked for security. NOC requirements, in contrast, suggest that the services should be expanded so that the system is easy to manage, including, for example, ICMP, traceroute, ping, loose source routing, whois.

Similarly, regarding feedback to users, security imposes limitations while the NOC requires more services. Take ICMP unreachable errors as an example: the Destination Unreachable message is an ICMP message generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason. A Destination Unreachable message may be generated as a result of a TCP, UDP or another ICMP transmission. Unreachable TCP ports notably respond with TCP RST rather than a Destination Unreachable type 3 as might be expected.[4] The feedback to the user explains why access failed and gives some suggested workarounds.
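As an added illustration (not part of the original page), this Python sketch decodes a Destination Unreachable message into the feedback a user or NOC would see, and flags the one code that also discloses a filter to whoever sent the packet. The sample packet, its addresses and the `reveals_filter` field are constructed for the example.

```python
import socket
import struct

# ICMP type 3 codes (RFC 792, RFC 1122, RFC 1812); only the common ones.
CODES = {0: "network unreachable", 1: "host unreachable",
         2: "protocol unreachable", 3: "port unreachable",
         4: "fragmentation needed and DF set", 5: "source route failed",
         13: "communication administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes) -> dict:
    """Decode a Destination Unreachable message, starting at the ICMP header."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + original IP header + 8 bytes")
    if icmp[0] != 3:
        raise ValueError(f"ICMP type {icmp[0]} is not Destination Unreachable")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                     # the datagram that triggered the error
    ihl = (inner[0] & 0x0F) * 4          # original IP header length in bytes
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("truncated original datagram")
    proto, dport = inner[9], None
    if proto in (6, 17):                 # TCP and UDP: dest port at offset 2
        dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    code = icmp[1]
    return {"reason": CODES.get(code, f"code {code}"), "protocol": proto,
            "dst": socket.inet_ntoa(inner[16:20]), "dport": dport,
            # Code 13 also tells the sender that a filter sits on the path.
            "reveals_filter": code == 13}

def build_sample(code: int) -> bytes:
    """Constructed message: UDP 192.0.2.10 -> 198.51.100.7:161 was rejected."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    body = ip + struct.pack("!HHHH", 40000, 161, 8, 0)
    csum = inet_checksum(struct.pack("!BBHI", 3, code, 0, 0) + body)
    return struct.pack("!BBHI", 3, code, csum, 0) + body

if __name__ == "__main__":
    for c in (3, 13):
        print(parse_unreachable(build_sample(c)))
```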

To resolve the tension between security and the NOC, we should be familiar with the threats that can attack your company's networks in any number of ways: malware spread by e-mail or spam, probing botnets, or phishing attacks hosted on Websites. Increasingly, attacks target Extensible Markup Language (XML) traffic, service-oriented architecture (SOA), and Web services.

Identifying threats coming from multiple potential fronts requires a strong systems-based approach. Such an approach encompasses your entire network infrastructure, including endpoints, infrastructure, and e-mail. You will benefit from this strategy through common policy configuration across products and collaboration between devices to identify threats and malware events. Reduced configuration complexity, more effective risk analysis, and better operational control also lead to increased protection and reduced costs. Integrating security throughout the network infrastructure can protect each endpoint and device within the network.
This way, every device in your network acts as a point of defense, working together to provide you the highest level of protection.[3]

See also
#Corresponding TELE9752 lecture slide
#Cisco website for Security Comes to SNMP: The New SNMPv3 Proposed Internet Standards information
#Relevant Materials: Cloud creates tension between accessibility and security
#PPT: Security in Network Management
#Youtube: Mastering Network Security with Cisco Virtual Network Management Center

Reference
#Clemm: Network Management Fundamentals, Cisco Press, 2006
#Comer: Automated Network Management Systems: Current and Future Capabilities, Pearson, 2007
#Cisco Systems: Minimize Network Threats
#"Security Comes to SNMP: The New SNMPv3 Proposed Internet Standards", Internet Protocol Journal, 1(3):2-12
#ICMP Destination Unreachable
#SNMPv3 IETF STD62 = RFCs 3410-9
#"SNMPv3: A security enhancement for SNMP", IEEE Communications Surveys
#Ch. 8 of Network Security Essentials: Applications and Standards, 3rd edition
#Ch. 15-17 of SNMP, SNMPv2, SNMPv3, RMON 1 and 2, 3rd edition